CVE-2013-1922
Published: 15 April 2013
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
Notes
Author | Note |
---|---|
jdstrand | attack is: privileged attacker in the guest that uses a raw image writes data to beginning of device. Later, someone on the host uses qemu-nbd on the attacker-modified image. When the guest is rebooted, the attacker may have access to other files. On Ubuntu, the preferred virtualization management technology is libvirt. As of USN-1008-1, libvirt does not probe the disk format, which reduces this attack to a denial of server for the guest (ie, the attacker-modified image is not usable on reboot). TODO: review use in nova |
mdeslaur | patch just introduced new --format option. Default behaviour is still to autodetect. Adding this new option doesn't fix the issue by itself, so marking as "low" We will not be fixing this issue in Ubuntu 12.04 LTS. |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
trusty |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
upstream |
Needed
|
|
utopic |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
vivid |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
wily |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
xenial |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
yakkety |
Not vulnerable
(1.5.0+dfsg-3ubuntu2)
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e6b636779b51c97e67694be740ee972c52460c59 |